IN THE CLAIMS : 

Please amend claims 1-2, 5-6, 9, 16, 22, 24, 30-31, 43, 45, and 61 and add new 
claims 72-74 as follows. 

1 . (Currently Amended) A communication system comprising: 
a first node; 

a second node; and[[;]] 

at least one intermediate node between said first and second nodes; 

wherein said first and second nodes are arranged configured to be in 
communication and said first and second nodes have a first security association and one 
of said at least one intermediate node and said second node have a second security 
association; and 

wherein said first security association auth e nticat e s is configured to authenticate 
said second node to said first node and said second security association auth e nticat e s is 
configured to authenticate said at least one intermediate node to said second node. 

2. (Currently Amended) A system as claimed in claim 1, wherein at least one of 
said first and second security associations comprise pr e s e nting is configured to present at 
least one certificate to a respective one of said nodes for authentication. 

3. (Original) A system as claimed in claim 2, wherein said at least one certificate 
comprises a cryptographic certificate. 
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4. (Original) A system as claimed in claim 3, wherein said certificate comprises 
an X.509 certificate. 

5. (Currently Amended) A system as claimed in claim 1, wherein said at least one 
intermediate node insp e cts is configured to inspect information sent between said first 
and second nodes. 

6. (Currently Amended) A system as claimed in claim 1, wherein said at least one 
of intermediate nodes modifi e s is configured to modify information sent between said 
first and second nodes. 

7. (Original) A system as claimed in claim 1, wherein said first node is attached to 
a wireless network. 

8. (Original) A system as claimed claim 1, wherein said first node is attached to a 
packet switched network. 

9. (Currently Amended) A system as claimed in claim 1 3 wherein said first node is 
attached to a network operating in accordance with a G e n e ral Pack e t Radio Syst e m 
general packet radio system standard. 
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10. (Original) A system as claimed in claim 1, wherein said first node is 
connected to wireless user equipment. 

11. (Original) A system as claimed in claim 10, wherein said first node comprises 
one of a plurality of first nodes connected to said wireless user equipment. 

12. (Original) A system as claimed in claim 1, wherein said first node comprises a 
client device. 

13. (Original) A system as claimed in claim 1, wherein at least one of said first 
and second security associations comprises encryption. 

14. (Original) A system as claimed in claim 1, wherein said one of said at least 
one said intermediate node is configured to pass data packets from at least one of said 
first node to at least one of said second node and from at least one of said second node to 
at least one of said first node. 

15. (Original) A system as claimed in claim 1, wherein said at least one 
intermediate node is arranged in a network gateway node. 
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16. (Currently Amended) A system as claimed in claim 15, wherein the network 
gateway node comprises one of a gateway GPRS general packet radio system support 
node and a serving GPRS general packet radio system support node. 

17. (Original) A system as claimed in claim 15, wherein said second node is 
connected to said gateway node. 

18. (Original) A system as claimed in claim 12, wherein said client device 
comprises a computer, user equipment, mobile station, or personal digital assistant. 

19. (Original) A system as claimed in claim 1, wherein said second node 
comprises a server. 

20. (Original) A system as claimed in claim 1, wherein said second node is 
configured to provide a service to said first node. 

21. (Original) A system as claimed in claim 1, wherein the first node is 
configured to send a first connection message to the second node. 
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22. (Currently Amended) A system as claimed in claim 21 , wherein said first 
connection message comprises a Transmission Control Protocol transmission control 
protocol connection message. 

23. (Original) A system as claimed in claim 1, wherein the first node is 
configured to send a hello message to the at least one intermediate node. 

24. (Currently Amended) A system as claimed in claim 23, wherein said hello 
message comprises a S e cur e Sock e t Layer secure socket layer protocol handshake 
message. 

25. (Original) A system as claimed in claim 23, wherein the at least one 
intermediate node is configured to make a copy of at least a part of said hello message. 

26. (Original) A system as claimed in claim 23„ wherein said at least one 
intermediate node is configured to send said hello message to the second node. 

27. (Original) A system as claimed in claim 1, wherein the second node is 
configured to send a hello message to the said at least one intermediate node. 
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28. (Original) A system as claimed claim 27, wherein said at least one 
intermediate node is configured to send a handshake message to the second node in 
response to receiving said hello message from said second node. 

29. (Original) A system as claimed in claim 28, wherein said second node is 
configured to respond to said handshake message. 

30. (Currently Amended) A system as claimed in claim 28, wherein said response 
comprises a S e cur e Sock e t Lay e r secure socket layer protocol handshake message. 

31. (Currently Amended) A system as claimed in claim 28, wherein said 
handshake message sent to the second node comprises a S e cur e Socket Layer secure 
socket layer protocol handshake message. 

32. (Original) A system as claimed in claim 28, wherein said handshake messages 
are configured to create said second security association. 

33. (Original) A system as claimed in claim 28, wherein said handshake message 
sent by said one of said at least one intermediate node comprises a client certificate. 
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34. (Original) A system as claimed in claim 33, wherein said one of said at least 
one intermediate node is configured to create said client certificate when requested. 

35. (Original) A system as claimed in claim 33, wherein said one of said at least 
one intermediate node is configured to retrieve said client certificate from a storage 
device. 

36. (Original) A system as claimed in claim 1, wherein said at least one 
intermediate node and said second node are configured to generate at least one key to 
encrypt information sent between said at least one node and said second node, said at 
least one key being used in said second security association. 

37. (Original) A system as claimed in claim 1, wherein said first node and said 
second node are configured to generate at least one key to encrypt information sent there 
between said first node and said second node, said at least one key being used in said first 
security association. 

38. (Original) A system as claimed in claim 36, wherein said at least one 
intermediate node is configured to create said at least one key only when requested. 
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39. (Original) A system as claimed in claim 36, wherein said at least one 
intermediate node is configured to retrieve said at least one key from a storage device. 

40. (Original) A system as claimed in claim 36, wherein said at least one key is 
configured to be dependent on a client certificate. 

41. (Original) A system as claimed in claim 33, wherein at least one said client 
certificate certifies a known node which is known to said at least one intermediate node. 

42. (Original) A system as claimed in claim 33, wherein said client certificate 
certifies a holder of a specified resource. 

43. (Currently Amended) A system as claimed in claim 42, wherein said specified 
resource comprises one of an International Mobile Station Id e ntity t e lephone numb e r and 
a Mobile Station Integrated Service Digital Network international mobile station identity 
telephone number and a mobile station integrated service digital network telephone 
number. 

44. (Original) A system as claimed in claim 42, wherein at least one said client 
certificate authorizes said second node to charge said holder of said specified resource for 
services used or purchased. 
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45. (Currently Amended) A system as claimed in claim 1 3 wherein said second 
security association is configured to be established before said first security association. 

46. (Withdrawn) A system comprising: 

a first node; 

an intermediate node; and 

a second node, wherein said intermediate node is configured to store 
security information for said first node, said security information being configured to be 
used to provide security for a connection between the intermediate node and said second 
node. 

47. (Withdrawn) A system as claimed in claim 46, wherein said security 
comprises at least one of tunnelled connection, an authenticated connection and an 
encrypted connection. 

48. (Withdrawn) A system as claimed in claim 46, wherein a common protocol is 
used between said first and second nodes. 
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49. (Withdrawn) An intermediate node for use in a system between a first node 
and a second node, said intermediate node being configured to at least one of to store and 
to generate security information relating to said first node. 

50. (Withdrawn) A node as claimed in claim 49, wherein the security information 
comprises at least one of a security certificate, at least one security key, at least one 
public key and at least one private key. 

51. (Withdrawn) A system as claimed in claim 49, wherein at least one 
intermediate node is configured to calculate a message digest based on a received data 
packet and a secret key. 

52. (Withdrawn) A system as claimed in claim 51, wherein said at least one 
intermediate node adds said message digest to said received data packet prior to 
transmission. 

53. (Withdrawn) A system as claimed in claim 52, wherein said message digest is 
configured to be bit- wise added to the received data packet. 

54. (Withdrawn) A system as claimed in claim 52, wherein said message digest is 
configured to be concatenated to an end of the received data packet. 
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55. (Withdrawn) A system as claimed in claim 52 5 wherein said received data 
packet is configured to be encrypted by said secret key prior to being added to said 
message digest. 

56. (Withdrawn) A system as claimed in claim 52, wherein said message digest is 
configured to be added to a final n bits of the received data packet. 

57. (Withdrawn) A system as claimed in claim 52, wherein said message digest is 
configured to be calculated based on bits before the final n bits of the received data 
packet. 

58. (Withdrawn) A system as claimed in claim 51, wherein said at least one 
intermediate node is configured to remove said message digest from said data packet. 

59. (Withdrawn) A system as claimed in claim 51, wherein said at least one 
intermediate node is configured to decrypt said data packet using said secret key. 

60. (Original) A system as claimed in claim 27, wherein said second security 
association is based on data within said hello message sent from said second node. 
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61. (Currently Amended) A system as claimed claim 1 3 wherein said first node 
comprises an S e cur e Sock e t Lay e r Cli e nt secure socket layer client node. 

62. (Withdrawn) A method for a communication system comprising a first end 
node, a second end node and at least one intermediate node positioned between said first 
and second end nodes, comprising the steps of: 

applying a first security protocol to information sent between said first and second 
nodes; and 

applying a second security protocol to information sent between one of said 
intermediate nodes and said second node, wherein the information is then sent to or from 
said first node. 

63. (Withdrawn) A method for authenticating data packets in an intermediate 
node comprising the steps of: 

receiving a data packet from a first node; 
generating a secret key; 

generating a message digest based on said data packet and said secret key; 
generating a further data packet based on said data packet and said message 

digest; and 

transmitting said further data packet to a second node. 
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64. (Withdrawn) The method of claim 63, wherein said step of generating said 
further packet comprises the step of bit wise adding the message digest to a selection of 
bits from said data packet. 

65. (Withdrawn) The method of claim 63, wherein said step of generating said 
further packet comprises the step of concatenating the message digest to said data packet. 

66. (Withdrawn) The method of claim 63, further comprising the step of 
encrypting said data packet by said secret key prior to said step of generating said 
message digest. 

67. (Withdrawn) The method of claim 63, further comprising the step of 
encrypting said data packet by said secret key prior to said step of generating said further 
data packet. 

68. (Withdrawn) The method of claim 63, wherein said receiving step comprises 
receiving said data packet being M bits long. 

69. (Withdrawn) The method of claim 68, wherein said receiving step comprises 
selecting the last n bits of said data packet. 
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70. (Withdrawn) The method of claim 69, wherein said generating the message 
digest step depends on a first M-n bits of said data packet. 

71. (Withdrawn) The method of claim 63, further comprising the steps of: 
receiving a data packet from said second node; 

generating a modified data packet by removing the message digest from said data 
packet from said second node; and 

transmitting said modified data packet to said first node. 

72. (New) An intermediate node in a communication system having a first node 
and a second node, the intermediate node being in between the first node and the second 
node, comprising: 

a security association configured to authenticate the intermediate node to the 
second node; wherein the first and second nodes are in communication with one another 
using another security association configured to authenticate the second node to the first 
node. 

73. (New) A first node in a communication system having a second node and an 
intermediate node, comprising: 
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a first security association configured to authenticate the second node to the first 
node; wherein the second node is configured to utilize a second security association, 
which is configured to authenticate the intermediate node to the second node. 

74. (New) A second node in a communication system having a first node and an 
intermediate node, comprising: 

a security association configured to authenticate the intermediate node to the 
second node; wherein the second and first nodes are in communication with one another 
using a second-to-first node security association configured to authenticate the second 
node to the first node. 
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